1. (currently amended) A policy enforcement system for enforcing policies defining
what actions belonging to a first type thereof first entities defined in a computer
system may perform on second entities defined in the computer system,

the policy enforcement system being of the type that includes

a policy server including a policy database of the policies; and

a policy enforcer that controls performance of the first type of action and is
capable of communicating a request to perform an action of the first type to the policy
server, the policy enforcer permitting performance of the action only if a response
from the policy server indicates that the policies permit the action and

the policy enforcement system being characterized in that:

the policy database is extensible to include policies for actions belonging to
an additional type thereof and the policy enforcement system is thereby extensible to
include [[whereby]] an additional policy enforcer which controls performance of
actions of the additional type [[may be added to the policy enforcement system]].

2. (original) The policy enforcement system set forth in claim 1 further characterized
in that:

the policy database is of the class wherein policies are defined in terms of sets
of the first entities and sets of the second entities and

the policy database is further extensible to include an additional type of the
first entities and/or an additional type of the second entities.

3. (original) The policy enforcement system set forth in claim 2 further characterized
in that:

an action attribute may be associated in the database with a set of the first
entities and/or a set of the second entities, the action attribute specifying a manner in
which an action specified in a given policy is to be performed as regards entities in the
set of first entities and/or entities in the set of second entities.

4. (original) The policy enforcement system set forth in claim 3 further characterized
in that:

the database is further extensible to include an additional type of action
attributes.



5. (currently amended) The policy enforcement system set forth in any one of claims
1 through 4 and 13 further characterized in that:

the additional policy enforcer controls performance of actions at a level of the 
computer system which is different from that at which the policy enforcer controls 
performance of actions. 



6. (currently amended) The policy enforcement system set forth in any one of claims 
1 through 4 and 13 further characterized in that: 

at least one of the policy enforcers is at a location in the computer system that 
is remote from the policy server. 

7. (currently amended) The policy enforcement system set forth in any one of claims
1 through 4 and 13 further characterized in that:

the policy enforcer controls a second entity that is not part of the computer
system.



8. (currently amended) A policy database that is implemented in a data storage device
that is accessible to a processor and that belongs to the class of policy databases
[[of the class]] wherein policies are defined in terms of sets of first entities, sets of
second entities, and actions, a given policy defining a given action which an entity
belonging to a given set of the first entities may perform on an entity belonging to a
given set of the second entities and

the policy database being characterized in that:

a further condition may be associated in the database with the given policy,
[[the further condition determining at the time a requesting entity belonging to the given
set of first entities makes a request to perform the given action on an entity belonging
to the given set of second entities whether the requesting entity may perform the
action]] the processor responding to a request to determine whether a particular entity
belonging to the set of first entities to which the given policy applies to may perform
the given action on a particular entity belonging to the set of second entities to which
the given policy applies by determining that the particular entity may not perform the
given action if the further condition is not satisfied at the time the processor responds
to the request.



9. (original) The policy database set forth in claim 8 further characterized in that:

the further condition is a time interval specification associated with the given
policy, the time interval specification specifying an interval of time during which
entities belonging to the given set of first entities specified in the given policy may
perform the given action specified therein on entities belonging to the given set of
second entities specified therein.

10. (currently amended) A policy database that is implemented in a data storage
device that is accessible to a processor and that belongs to the class of policy
databases [[of the class]] wherein policies are defined in terms of sets of first entities,
sets of second entities, and actions, a given policy defining a given action which an entity
belonging to a given set of the first entities may perform on an entity belonging to a
given set of the second entities and

the policy database being characterized in that:

an action attribute may be associated in the database with the given set of first
entities and/or the given set of second entities, the action attribute specifying a manner
in which the given action specified in the given policy is to be performed, the
processor responding to a request to determine whether a particular entity may
perform an action to which the given policy applies in a particular manner by
determining that the requesting entity may not perform the action unless the particular
manner is the manner specified by the action attribute.

11. (original) The policy database set forth in claim 10 further characterized in that:

the database is extensible to include new types of action attributes.

12. (original) The policy database set forth in claim 10 further characterized in that:

an action attribute condition may be associated in the database with an action
attribute for the given policy, the action attribute condition determining whether a
requesting entity belonging to the given set of first entities can perform the given
action as specified in the action attribute on an entity in the given set of second
entities at the time the requesting entity makes the request.

13. (new) The policy enforcement system set forth in claim 1 further characterized in
that:

the additional type of action is defined by a user of the policy enforcement
system; and

the policy enforcement system includes a user interface for extending the
policy database by adding the user-defined additional type of action thereto.
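
The decision flow recited in claims 1, 9 and 10, written out in Python as an added illustration; it is not part of the claims or of the applicant's implementation. The class names, set names and the sample policy are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass(frozen=True)
class Policy:
    subjects: str                    # name of a set of first entities
    action: str                      # action type, e.g. "login"
    resources: str                   # name of a set of second entities
    window: Optional[tuple] = None   # time interval condition (same-day start, end)
    manner: Optional[str] = None     # action attribute: required manner

class PolicyServer:
    def __init__(self, members, policies):
        self.members = members       # set name -> set of entity names
        self.policies = list(policies)

    def add_policy(self, policy):    # extensible: new action types are only data
        self.policies.append(policy)

    def permits(self, subject, action, resource, manner=None, now=None):
        now = now or datetime.now()
        for p in self.policies:
            if (p.action != action
                    or subject not in self.members.get(p.subjects, ())
                    or resource not in self.members.get(p.resources, ())):
                continue
            # The further condition is evaluated when the request is answered.
            if p.window and not (p.window[0] <= now.time() < p.window[1]):
                continue
            # The requested manner must be the one the action attribute names.
            if p.manner is not None and p.manner != manner:
                continue
            return True
        return False                 # no policy permits the action: deny

class PolicyEnforcer:
    """Controls one action type and acts only on the server's response."""
    def __init__(self, server, action):
        self.server, self.action = server, action

    def perform(self, subject, resource, operation, **ctx):
        if not self.server.permits(subject, self.action, resource, **ctx):
            raise PermissionError(f"{subject} may not {self.action} {resource}")
        return operation()

# Constructed sample data (not taken from the claims).
MEMBERS = {"engineers": {"alice"}, "build-hosts": {"ci-01"}}
SERVER = PolicyServer(MEMBERS, [
    Policy("engineers", "login", "build-hosts", (time(8), time(18)), "ssh-key")])
```
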